DETAILED ACTION 



Response to Arguments 



1. Applicant's arguments filed on October 15, 2003 have been fully considered but 
they are not persuasive. 

The applicant has argued that the teachings of Freier et al fails to disclose of 
multiplexing. The examiner respectfully disagrees for the teachings of Freier et al 
disclose of establishing an SSL session that includes multiple secure (network) 
connections and parties may have multiple simultaneous (multiplexed) sessions 
(tunnels)(pg 9-10, Section 5.1). The examiner notes that the teachings of Freier et al do 
not explicitly recite the term "multiplexing", however the examiner is basing their 
interpretation of term "multiplexing" based on the teachings of Fryer et al in the 
Microsoft Press Computer Dictionary, pg 320, whereby multiplexing is defined as "a 
technique used in communications and input/output operations for transmitting a 
number of separate signals simultaneously over a single channel or line." The 
teachings of Freier et al disclose of SSL sessions including multiple secure connections 
whereby the parties have multiple simultaneous sessions (pg 9-10, Section 5.1). Based 
upon the teachings of Fryer et al, the examiner's interpretation is consistent with that 
which is known to one of ordinary skill in the art. 

The examiner notes that the applicant has seasonably challenged official notice 
taken by the examiner only for the rejection of the independent claims 1,40, and 79 that 
include the limitations "either of the endpoints of the being able to receive data or 
receive connection" whereby the examiner has provided a reference as evidence to 
support the examiner's stance of official notice based upon the teachings of Weinstein 
et al. Please refer to the rejection below for the examiner's rationale as per the citation 
of evidence to support the examiner's stance of official notice. 

Furthermore, the applicant has failed to seasonably challenge the official notice 
taken by the examiner for the limitations in claims 6,7,11,45,46,50,84,85, and 89 of 
"maintaining sufficient send buffers for receiving forwarded data between endpoints and 
maintaining buffers for multiplexed data"; claims 8-10,47-49, and 86-88 of "queuing data 
received at a destination, dispatching the queued data to a final destination, and to 
acknowledge the receipt of the data which tracks the usage of buffers at the endpoint"; 
and claims 28-39,67-78, and 106-117 of "the use of record exchanges between the 
endpoints wherein an usheropen, usheropenreply, ushersend, usherclose, 
ushersendup, usherack, usherend, and usherrst records". As per MPEP 2144.03(C), it 
recites that "the applicant must specifically point out the supposed errors in the 
examiner's action, which would include stating why the noticed fact is not considered to 
be common knowledge or well-known in the art" whereby the examiner notes that the 
applicant has failed to traverse the official notice taken with respect to claims 6-11,28-39, 
45,46-50,67-78,84,85-89, and 106-117. As per the MPEP 2144.03(C), "the common 
knowledge or well-known in the art statement is taken to be admitted prior art because 
applicant failed to traverse the examiner's assertion of official notice." 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 1,5-11,14,16,17,21,22,40-50,53,55,56,60,61,79,83-89,92,94,95, and 100 
are rejected under 35 U.S.C. 103(a) as being unpatentable over Freier et al in view of 
Weinstein et al. 

As per claims 1,5,40,44,79, and 83, it is disclosed by Freier et al of establishing 
an SSL session that includes multiple secure (network) connections and parties may 
have multiple simultaneous (multiplexed) sessions (tunnels)(pg 9-10, Section 5.1). The 
SSL protocol is configured to establish a (single) secure (encrypted) connection (tunnel) 
between a client and a server communicating across an insecure channel whereby both 
parties (client and server) are authenticated to each other (after the secure connection 
is opened)(pg 49, Section F & F.1.1). At a lowest level, SSL is layered on top of TCP 
(user level) which is a transport protocol (pg 3, Section 1). The teachings of Freier et al 
recite of establishing an SSL session that includes multiple secure (network) 
connections and parties may have multiple simultaneous (multiplexed) sessions 
(tunnels)(pg 9-10, Section 5.1) whereby it is interpreted by the examiner that either 
endpoints can receive connection requests for the simultaneous (multiplexed) 
connections. The teachings are silent in disclosing of either of the endpoints of the 
being able to receive data or receive connection requests. The teachings of Weinstein 
et al disclose of either client and server (endpoints) being able to receive data or 
connection requests (col. 2, lines 23-34 and col. 8, lines 38-44 & 53-61). It would have 
been obvious to a person of ordinary skill in the art to have been motivated to apply a 
means of being able to receive data and to receive connection requests. It is 
notoriously well known to one of skill that in order to establish a connection between two 
parties (endpoints), one of the parties (endpoints) has to initiate the connection 
whereby the other receives the request for connection and if the connection is 
authenticated, the connection is permitted between the two as is taught by Weinstein et 
al (col. 2, lines 23-34). Additionally, the teachings of Freier et al disclose of establishing 
a secure tunnel between two parties (endpoints) whereby it is notoriously well known 
that either of the two can receive data wherein one of the locations is a sender and the 
other is the recipient of the information. It is obvious that the teachings of Freier et al 
comprise the features of at least one of the parties (endpoints) being able to receive 
connection requests and to receive data for that is the intent of the teachings to 
establish a secure tunnel (connection) which mutually authenticates both parties 
(endpoints) and upon successful authentication, secure communications is permitted 
which would include the sending and receiving of data (pg 49, Section F & F.1.1) and 
which is additionally disclosed by the teachings of Weinstein et al for support to the 
teachings of Freier et al (col. 2, lines 23-34 and col. 8, lines 38-44 & 53-61). 

As per claims 3,42, and 81, it is disclosed by Freier et al of the use of SSL and by 
establishing secure tunnels. Symmetric keys are used for data encryption (secure 
connection)(pg 4, Section 1). 

As per claims 6,7,11,45,46,50,84,85, and 89, it is disclosed by Freier et al of a 
means which uses multiplexing and the establishment of secure tunnels. The teachings 
of Freier et al are silent on disclosing the use of maintaining sufficient send buffers for 
receiving forwarded data between endpoints and maintaining buffers for the multiplexed 
data. The examiner hereby takes official notice that such a concept is notoriously well 
known. It would have been obvious to a person of ordinary skill in the art that the use of 
buffers is necessary since large amounts of data can not be in complete form, but rather 
in segmented portions by means such as packets or frames. Since the information has 
to be segmented, it is held in a temporary storage which holds it until all the information 
has been received where it will then be reassembled into its original form where it can 
then be executed. Since it is notoriously well known that a processor cannot properly 
execute portions of data or if the data is out of order, buffering the data would allow the 
data in its entirety to be successfully executed if it is sent through a single connection or 
transferred to multiple destinations via multiplexing. Although the teachings of Freier et 
al are silent on this concept, it is obvious that there exists sufficient buffers to handle 
large volumes of information that which are transferred across networks in a secure 
manner. 

As per claims 8-10,47-49, and 86-88, the teachings of Freier et al are silent in 
disclosing the use of queuing data received at a destination, dispatching the queued 
data to a final destination, and to acknowledge the receipt of the data which tracks the 
usage of buffers at the endpoint. The examiner hereby takes official notice that such a 
concept is notoriously well known. It would have been obvious to a person of ordinary 
skill that it is notoriously well known that the use of buffers is necessary since large 
amounts of data can not be in complete form, but rather in segmented portions by 
means such as packets or frames. Since the information has to be segmented, it is 
held in a temporary storage which holds it until all the information has been received 
where it will then be reassembled into its original form where it can then be executed. 
The information is then placed in a queue which accepts and stages the data in a first in, 
first out pattern and the recipient then reassembles the data and checks to see if all the 
data has been correctly received. The information in the buffers is tracked to monitor 
the data flow to ensure that all the data is received. It is obvious that the teachings of 
Freier et al utilizes a queue for staging data as is notoriously known to one of skill in the 
art. 

As per claims 14,16,17,21,22,53,55,56,60,61,92,94,95,99 and 100, it is recited 
by Freier et al of a secure connection (portals) between a client and a server. The 
teachings of Freier et al are silent in disclosing of the use of a client operating behind a 
firewall (gate) and the use of communications between an Intranet and the Internet. 
The examiner hereby asserts that it is obvious to make use of these features. SSL is known 
as a protocol which can be implemented in any networking environment and as long as 
the two parties are authenticated to one another, based on the teachings of Freier et al 
(pg 49, Section F & F.1.1), the secure connection can be established. The teachings of 
Freier et al only disclose of the establishment of a connection between a client and 
server, but alternative forms of connections can occur across the Internet with 
connections to local area networks, Intranets, or other destinations. The locals are 
typically protected by means of a firewall which is known as a security system to protect 
an organization's network from external threats across the Internet and all 
communications are routed through a proxy server outside the organization to protect 
the network from communicating directly with potential attackers. It is obvious that SSL 
can be applied to different infrastructures wishing to establish secure connections with 
one another. 



4. Claims 2,28-39,41,67-78,80, and 106-117 are rejected under 35 U.S.C. 103(a) 
as being unpatentable over Freier et al in view of Weinstein et al in further view of Fryer 
et al. 

As per claims 2,41, and 80, Freier et al discloses of the use of TCP (pg 3, 
Section 1). The teachings of Freier et al are silent in disclosing the use of UDP (User 
Datagram Protocol). It is disclosed by Fryer et al that UDP is a connectionless protocol 
within TCP/IP (pg 482). It would have been obvious to a person of ordinary skill in the 
art at the time of the invention to have been motivated to apply UDP as an alternative 
protocol. Fryer et al discloses the benefits of UDP by reciting that UDP converts 
messages generated by an application into packets which are sent via IP, but does not 
verify that messages have been delivered correctly and it is more efficient than TCP (pg 
482). The teachings of Freier et al do disclose of the use of TCP/IP (pg 39, Appendix B) 
and it would have been obvious that the teachings of Freier et al would have benefitted 
by utilizing UDP as an efficient means of transferring information as disclosed by Fryer 
et al. 

As per claims 28-39,67-78, and 106-117, it is disclosed by Freier et al of 
establishing an SSL session that includes multiple secure (network) connections and 
parties may have multiple simultaneous (multiplexed) sessions (tunnels)(pg 9-10, 
Section 5.1). The SSL protocol is configured to establish a (single) secure (encrypted) 
connection (tunnel) between a client and a server communicating across an insecure 
channel whereby both parties (client and server) are authenticated to each other (after 
the secure connection is opened)(pg 49, Section F & F.1.1). The teachings of Fryer et 
al are relied upon for the use of UDP. The teachings of Freier et al are silent in 
disclosing of the use of record exchanges between the endpoints wherein an 
usheropen, usheropenreply, ushersend, usherclose, ushersendudp, usherack, 
usherend, and usherrst records. The examiner hereby takes official notice that the use 
of those records are notoriously well known as protocol standards for establishing 
connections and allowing computers to communicate with one another. It would have 
been obvious to a person of ordinary skill in the art at the time of the invention to have 
been inclined to use a particular type of protocol to set up communications with a 
remotely located node and that there are procedures that have to occur in order for the 
communications to take place. Using an usheropen command would allow a 
connection to be opened, the usheropen reply is a reply responsive to the usheropen 
command, the ushersend command passes the information, the usherack 
acknowledges the information that which is received, the usherclose command ends 
the connection, the ushersendudp command initiates the sending of UDP packets, the 
usherend command terminates a connection, and the usherrst command resets the 
connection. In any of the situations, the particular protocol type commands are 
responsive to conditions that dictate the success of a connection, for the cause of the 
usherack command, if an acknowledgment is unsuccessful, then the connection can not 
be established, it may or may not retry sending for an acknowledgment and then may 
time out without a connection being established. It is obvious that the teachings of 
Freier et al follow the protocols of TCP that obey the rules that govern the particular 
type of protocol as is notoriously well known that which is used for establishing 
connections and allowing the respective computers to communicate. 

5. Claims 12,51, and 90 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Freier et al in view of Weinstein et al in further view of Griffiths et al. 

It is disclosed by Freier et al of the establishment of a secure tunnel across the 
Internet. The teachings of Freier et al are silent on disclosing of resolving domain 
names. It is taught by Griffiths et al of the use of a domain name system which resolves 
domain names (col. 11, lines 59-63). It would have been obvious to a person of 
ordinary skill in the art at the time of the invention to have been motivated to apply a 
means to resolve domain names in order to establish a connection with a remotely 
located web site. Griffiths et al recites motivation for the use of DNS by reciting that it is 
essential that domain name has an associated IP address that needs to be determined 
from the URL address. Since the user enters a URL address, it must be resolved to a 
specific IP address in order to access the web site (col. 11, line 59 through col. 12, line 
15). It is obvious that the teachings of Freier et al use domain name resolving since it is 
essential for this to occur unless if the particular user knows the IP address which can 
then be entered. 

6. Claims 13,52, and 91 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Freier et al in view of Weinstein et al in further view of the Netscape Handbook. 

It is disclosed by Freier et al of establishing an SSL session that includes multiple 
secure (network) connections and parties may have multiple simultaneous (multiplexed) 
sessions (tunnels)(pg 9-10, Section 5.1). The SSL protocol is configured to establish a 
(single) secure (encrypted) connection (tunnel) between a client and a server 
communicating across an insecure channel whereby both parties (client and server) are 
authenticated to each other (after the secure connection is opened)(pg 49, Section F & 
F.1.1). The teachings of Freier et al are silent in disclosing of the use of SOCKS mode. 
The Netscape Handbook discloses of the use of SOCKS which is software that allows 
computers inside a firewall to gain access to the Internet and is usually installed on a 
server positioned either inside or on the firewall (pg 15-16). It would have been obvious 
to a person of ordinary skill in the art at the time of the invention to have been motivated 
to apply SOCKS as a means of accessing information on the Internet. The Netscape 
Handbook recites motivation for the use of SOCKS as allowing a client inside a firewall 
to gain access to the Internet. It is obvious that the teachings of Freier et al would have 
used SOCKS since clients access information across the Internet and SOCKS is the 
protocol which allows the communications. 

7. Claims 15,18-20,23-25,54,57-59,62-64,93,96-98, and 101-103 are rejected under 
35 U.S.C. 103(a) as being unpatentable over Freier et al in view of Weinstein et al in 
further view of Coley et al. 

The teachings of Freier et al disclose of the use of SSL which provides a secure 
channel (portal). It is obvious that the teachings of Freier et al can be utilized in the 
environment of Internet and an Intranet which utilize a firewall (see motivation in the 
cited rejection of claims 14,16,17,21,22,53,55,56,60,61,92,94,95,99 and 100). It is 
obvious that the teachings of Freier et al can implement a firewall, but the disclosure is 
silent in reciting of the use of a bastion firewall host computer. It is disclosed by Coley 
et al of this feature of a bastion firewall host computer (col. 12, line 12). It would have 
been obvious to a person of ordinary skill in the art to have been motivated to apply a 
bastion firewall since Coley et al recites motivation for the use of a bastion firewall by 
disclosing that using a firewall as a bastion host, it acts on behalf of the user and the 
identity of the internal network elements is preserved since the firewall protects the 
identity of whose elements it is acting on behalf of and the external users see the 
address of the firewall, not the internal elements, namely the user's client computer (col. 
12, lines 14-24). The teachings of Freier et al would have benefitted from this feature to 
allow the user's identity to be further protected in addition to establishing a secure 
connection with a trusted location and the teachings of Coley et al add an additional 
security measure which would not have affected the operations of the teachings of 
Freier et al. 

8. Claims 26,65, and 104 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Freier et al in view of Weinstein et al in further view of Raz. 

The teachings of Freier et al are silent in disclosing of the use of communications 
between an Intranet and the Internet. The examiner hereby asserts that it is obvious to 
make use of these features. SSL is known as a protocol which can be implemented in any 
networking environment and as long as the two parties are authenticated to one 
another, based on the teachings of Freier et al (pg 49, Section F & F.1.1), the secure 
connection can be established. The teachings of Freier et al only disclose of the 
establishment of a connection between a client and server, but alternative forms of 
connections can occur across the Internet with connections to local area networks, 
Intranets, or other destinations. It is obvious that SSL can be applied to different 
infrastructures wishing to establish secure connections with one another. 

The teachings of Freier et al are silent in reciting of the use of a second Intranet. 
It is disclosed by Raz of the use of multiple Intranets (col. 11, lines 56-57). It would 
have been obvious at the time of the invention to have been motivated to apply 
additional Intranets to allow multiple users residing on different Intranets access to the 
Internet. The teachings of Raz recite motivation for the use of multiple Intranets by 
disclosing firewalls protect the Intranets and SSL is used to protect the transaction data 
that is conducted by the clients located on the Intranets and the servers located on the 
Internet (col. 11, lines 53-64). It is obvious that the teachings of Freier et al are not 
limited to just one Intranet, but rather to multiple Intranets to allow for secure 
transactions to be conducted via SSL from any location. 

9. Claims 27,66, and 105 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Freier et al in view of Weinstein et al in further view of Raz in further 
view of Coley et al. 

The teachings of Freier et al are silent in disclosing of the use of a client 
operating behind a firewall (gate) and the use of communications between an Intranet 
and the Internet. The examiner hereby asserts that it is obvious to make use of these 
features. SSL is known as a protocol which can be implemented in any networking 
environment and as long as the two parties are authenticated to one another, based on 
the teachings of Freier et al (pg 49, Section F & F.1.1), the secure connection can be 
established. The teachings of Freier et al only disclose of the establishment of a 
connection between a client and server, but alternative forms of connections can occur 
across the Internet with connections to local area networks, Intranets, or other 
destinations. The locals are typically protected by means of a firewall which is known 
as a security system to protect an organization's network from external threats across 
the Internet and all communications are routed through a proxy server outside the 
organization to protect the network from communicating directly with potential attackers. 
It is obvious that SSL can be applied to different infrastructures wishing to establish 
secure connections with one another. 

It is obvious that the teachings of Freier et al can implement usage of a firewall, 
but are silent in disclosing the use of a bastion firewall host computer. It is disclosed by 
Coley et al of this feature of a bastion firewall host computer (col. 12, line 12). It would 
have been obvious to a person of ordinary skill in the art to have been motivated to 
apply a bastion firewall since Coley et al recites motivation for the use of a bastion 
firewall by disclosing that using a firewall as a bastion host, it acts on behalf of the user 
and the identity of the internal network elements is preserved since the firewall protects 
the identity of whose elements it is acting on behalf of and the external users see the 
address of the firewall, not the internal elements, namely the user's client computer (col. 
12, lines 14-24). The teachings of Freier et al would have benefitted from this feature to 
allow the user's identity to be further protected in addition to establishing a secure 
connection with a trusted location and the teachings of Coley et al add an additional 
security measure which would not have affected the operations of the teachings of 
Freier et al. 



Conclusion 

10. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Christopher A. Revak whose telephone number is 
703-305-1843. The examiner can normally be reached on M-Th, 6:30a-4:00p, alt. Fr, 
6:30am-3:00pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 703-305-9586. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is 
703-305-3900. 